| 摘要: |
| 在调制信号智能识别领域,神经网络在遭到对抗攻击时的防御效果很差。为了应对这一挑战,基于传统神经网络模型提出了一种多任务注意力联合蒸馏训练框架。该框架分别训练针对干净样本和对抗样本的良好教师模型,然后联合指导学生网络训练,同时引入注意力机制平衡干净样本和对抗样本的训练损失,从而构建出具有高防御性能和强鲁棒性的学生网络。实验结果表明,在有效防御对抗信号的同时也保持了对干净样本信号的识别精度,相较于传统对抗训练方法,对干净样本的识别准确率提升约10%;同时在应对不同调制识别攻击方法和不同强度的扰动攻击时,分别表现出良好的泛化性和鲁棒的防御衰减性。 |
| 关键词: 调制识别 深度神经网络 对抗训练 知识蒸馏 注意力机制 |
| DOI:10.20079/j.issn.1001-893x.241218001 |
|
| 基金项目:国家自然科学基金资助项目(62371463) |
|
| A Multi-task Attention Joint Knowledge Distillation Methodfor Modulation Recognition |
| YAN Xiangjun,CHEN Yigong,LIU Shaolong,SHANG Zhihui,ZHANG Tao |
| (1.The 63rd Research Institute,National University of Defense Technology,Nanjing 230007,China;2.School of Electronic and Information Engineering,Nanjing University of Information Science and Technology,Nanjing 210044,China) |
| Abstract: |
| In the field of intelligent modulation signal recognition,neural networks exhibit poor defense performance when subjected to adversarial attacks.To address this challenge,a multi-task attention-based joint distillation training framework built upon traditional neural network models is proposed.The framework separately trains two high-quality teacher models specifically designed for clean samples and adversarial examples respectively,which then jointly guide the training of the student network through knowledge distillation.Notably,an attention mechanism is introduced to dynamically balance the training losses between clean and adversarial samples during the joint optimization process.This innovative architecture ultimately constructs a student network demonstrating enhanced defensive capabilities against adversarial attacks while maintaining strong robustness in normal classification scenarios,achieving optimal equilibrium between security protection and model stability.Experimental results demonstrate that the proposed method effectively defends against adversarial signals while maintaining recognition accuracy for clean sample signals.Compared with traditional adversarial training methods,the proposed method improves the recognition accuracy for clean samples by approximately 10%.Furthermore,when facing different modulation recognition attack methods and varying intensities of perturbation attacks,the proposed approach exhibits good generalization and robust defense degradation. |
| Key words: modulation recognition deep neural network adversarial training knowledge distillation attention mechanism |
《电讯技术》编辑部 